Oracle Blog

From My Brain to Your Browser

Tuesday Apr 03, 2007

To overcome some obstacles that developers face when using Solaris
Containers (aka Zones), Doug Scott documented a method of building a zone
which will never be patched from the global zone. In other words, when a
patch is applied to the global zone, it will not be applied to a zone built
using this method, even if the patch is for a package which is marked
ALLZONES=true.

Normally, a package with that parameter setting must be installed in all
zones and patched consistently in all zones. Branded zones, also called
'non-native zones,' are exempt from that rule. Branded zones allow you to
create a zone which will run applications meant for another operating
system or operating system version. The first official brand is 'lx'. An
lx-branded zone can run most Linux applications.

Note that this method would not be supported by Sun for the following
reasons:

It uses the BrandZ framework, which is available via OpenSolaris, but not
yet supported by Sun.

It requires you to edit system files which you shouldn't edit; the
syntax of those files can change.

Eventually, a patch will modify the kernel and libc (or other
kernel-dependent libs) in such a way that they will be incompatible
with the cbe-branded zone. Some patches must be applied manually to keep
this cbe-branded zone synchronized with the global zone.

Also, note that a zone built this way will no longer benefit from one
of the key advantages of zones: management simplicity. You must figure
out which patches must be applied to a cbe-branded zone.